To prevent T199557#4490609 from ever happening again, there should be a check that ensures the account exists, before actually adding them to the LDAP group.
Setting priority to high since this has a security impact.
@MoritzMuehlenhoff I think this needs to be something integrated into whatever tool is being used to add people to LDAP rather than something after the fact. It happened again today: https://tools.wmflabs.org/sal/log/AWW1Q3TLwY2u4JUTIzpe
Bump, this happened again: T224110: Non-existent users in the archiva-deployers LDAP group.
If someone could document what script is being used to do this, I can look into writing a patch.
I use "modify-ldap-group" to make changes to LDAP groups. But then there is also "ldapvi", which others might be using. It's possible that modify-ldap-group does more checks than ldapvi, which is more "raw" editing.